Command Zero
← Back to the glossary
Glossary · Question-based method

What is the Question-based method?

The Question-based method is Command Zero's approach to AI-driven security investigation, every investigation is structured as a sequence of expert-authored questions that AI agents execute against customer data sources, producing a transparent and reproducible verdict.

Updated 2026-05-19

What it means

The Question-based method is the technical implementation of Governed AI. Rather than relying on free-form LLM inference, Command Zero agents draw from a curated library of thousands of expert questions covering identity, endpoint, email, cloud, and SaaS data sources. Each question has a defined scope, an expected output, and a documented purpose. The library is the unit of expertise, adding a new question makes the entire customer base more capable. The method is what makes investigations reproducible: the same question against the same data produces the same answer.

Command Zero’s approach

How Command Zero handles Question-based method.

Every Command Zero investigation is a sequence of questions. Agents select relevant questions based on the alert context, customer-authorized data sources, and investigation goal. Customers can audit which questions ran, why they ran, and what they returned. Senior analysts contribute new questions to the library, which compounds the team's expertise over time.

Related terms
Governed AIEncoded ExpertiseKnowledge CompoundsAI SOC Agent
← Back to the glossary

Frequently asked questions

What is the Question-based method in security investigations?

It structures every investigation as a sequence of expert-authored questions that AI agents run against your data, instead of relying on free-form model inference. Each question has a defined scope, data source, and purpose.

Why use questions instead of letting the AI investigate freely?

Questions make investigations reproducible and auditable: the same question against the same data returns the same answer, and you can see exactly what was asked. Free-form inference is neither reproducible nor easy to govern.

Can we add our own questions?

Yes. Command Zero ships thousands of expert questions and lets your team add their own for your environment and threat model. Each new question makes every future investigation more capable, which is how expertise compounds across the team.

See Question-based method in production

Book a Command Zero demo.

Live in under an hour. No migration. Zero training data required.

Book a Demo
No training data requiredSOC 2 CompliantDirect-to-data